>Number: 26184
>Category: pkg
>Synopsis: security/cyrus-sasl2 should be patched (again)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 07 13:46:01 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Jukka Salmi
>Release: NetBSD 1.6.2_STABLE
>Organization:
>Environment:
System: NetBSD bart.stasoft.ch 1.6.2_STABLE NetBSD 1.6.2_STABLE (GENERIC) #0: Fri May 28 14:57:42 CEST 2004 root@bart.stasoft.ch:/opt/obj/usr/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
In pkg/26165 I reported a bug in security/cyrus-sasl2 which prevents
a GSSAPI authenticated user from uploading sieve scripts larger than 4000
bytes; the workaround I mentioned was added as patches/patch-ap.
In the meantime that bug was fixed The Right Way (for details see comments
in CVS commits for plugins/gssapi.c[1]), so pkgsrc should use that fix
instead.
[1] https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/gssapi.c
>How-To-Repeat:
see pkg/26165
>Fix:
Two possible approaches:
1) Patch plugins/gssapi.c to rev. 1.90[2]; that revision includes the fix
but also contains changes to support passing of GSSAPI credentials (which
will be in SASL 2.1.19). To compile successfully we'd also need to
patch include/saslplug.h to rev. 1.38[3] and delete patches/patch-ap.
2) Use a "backported" version of plugins/gssapi.c which includes the fix
but not the GSSAPI credential passing changes (patching include/saslplug.h
would not be needed then). This could be achieved by continuing to use
patches/patch-ap and adding a patch containing the diff[4] between
revisions 1.86 and 1.90 and some minor manual changes to make it apply
cleanly. I'll send such a patch in a minute.
[2] https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/gssapi.c.diff?r1=text&tr1=1.84&r2=text&tr2=1.90&f=u
[3] https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/include/saslplug.h.diff?r1=text&tr1=1.37&r2=text&tr2=1.38&f=u
[4] https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/gssapi.c.diff?r1=text&tr1=1.86&r2=text&tr2=1.90&f=u
>Release-Note:
>Audit-Trail:
>Unformatted: